VS 2010 - Storing Sensitive Information In A Session Variable?
Dec 17, 2010
I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...
View 6 Replies
Similar Messages:
Jun 4, 2010
i m developing an application in .NET mvc2. i m using aspnetMembershipProvider for User registration and related activities. i need some custom information about user that i stored in a separate table (sysUser for example) and linked it to aspnetUser table through foreign key. after Login i need to fetch user's credentials from sysUser table and push it to the session. For this Account controller's Logon method seemed best to me and i pasted following code in my Logon ActionResult
[Code]....
The code is working perfectly for me and put my desired information in the session but the thing is that if a user selects Remember me and on his next visit he won't have to Log in and i would not find my desired information in the Session. where should i put my code that stores the user information in the session.
View 1 Replies
Feb 10, 2010
I have created a custom user creation wizard to store custom user information, This is working fine. I am now trying to create a new page to give the newly created user to create users in there own company, so i need to retrieve the company information from the user profile created and automaticlly fill that information into the new create user wizard. ie User from A company logs in. (company_id from profile is stored in session)
User A wants to make another user in company A (but cannot make a user in company B) User A fills in details for new user, Company A information is autofill into new user info. (possibly from session)
I have read alot about storing membership. info into session but i cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
View 7 Replies
Aug 30, 2010
When a use is logged in (Through open-id) we are creating a session variable named "UID" and storing the unique user-id in it. Later we are checking the session to see if the user is logged in. I think this is not the right way, but I could not force the team to change this, as I cannot show how this implementation can be cracked. why (If yes) this implementation is bad?
View 3 Replies
Mar 16, 2010
Im storing the user details in a session variable(session["userid"]) while login.
[Code]....
Im using the session variables in other forms ,there im checking the session variable using the following code.
[Code]....
In this form im having 'export to excel ' button.When i click this button session variable becomes empty and redirected to the login page.(Im having this problem in IE only but in FF it works fine).
View 2 Replies
Oct 28, 2010
I am storing Datatable in Session variable in my project. Is it good practise to do so? The datatable has 20 fields and can run into 1000+ records. Will it hamper my application performance?
View 11 Replies
Mar 2, 2010
I'm building a web system and various clients will have alternate text for default instances throughout the site. One place is the main nav but there are others. The default may be "project" but they may want to call it "event".I'm heading down the road of calling all the terminology settings (there's a list of about 15) and creating an ArrayList that has the id and either the default or their replacement as the items in the ArrayList.I've also got a enum key list called TermKey that has the defaults and the corresponding ID number.
Throughout the code I'll reference TermKey.Project and then do one of these things that I see as options.
1-pull the text from the session (if the client has set it to "event" then the text "event" will be waiting for the call there)2-pull the text from the database every time I need it.3-pull the client's list each time a page loads.Some thoughts on the impact each way or if there is a best practice for
View 5 Replies
Feb 24, 2010
Consider my dataTable contains 10,000 rows and i want to know the pitfall of storing datatable in a session variable... I want to use it until a new row has been added...What type of session mode should i use?
View 4 Replies
Oct 27, 2010
I have heard alot about sql injection and how it is normally caused. Mostly sql injection in my opinion is caused through search boxes. Now my question is quite simple. Is it advisable to store the search keyword in a session variable to prevent sql injection? I don't want to expose the keyword through the querystring as it is prone to attacks. So in short there is no harm in using session variables to store the keyword right?
View 6 Replies
Oct 18, 2010
I have a gridview and a checkbox. I am able to pass the checkbox id to a textbox in the same page. This is then passed as a session variable. However, when I place an option to page and select the checkbox items in the next page, the session variable resets.Please see below code, how do I store "all checkbox" throughout all paging and store it in the session page?
[Code]....
Behind code VB:
[Code]....
[Code]....
[Code]....
View 4 Replies
Dec 18, 2010
How can I use session variable to display user information after authenticated login like Address: 37, kings Road. Position: Secretary base on User ID
View 2 Replies
Nov 2, 2010
I have a need to show sensative information but I would only like it available on screen for 2 minutes, and then after it dissapears.
Since this is part of my web application, I would like the user to stay logged into the web site before and after viewing the information, but in order to view it, I would like them to re-enter their username/password.
Are there any directions I can be pointed into accomplish this task?
View 1 Replies
Jan 29, 2011
I did some google searching on this, but I could not find anything useful.
Basically what I am trying to do is pass some sensetive information to an ActionResult through the click of a HTML ActionLink.
The information I need passing through is, the ProductID and the User IP Address.
So just to clarify:
1) User clicks { I like Product } link (HTML ActionLink)
2) That sends the Product ID and the IP Address of the user to the ActionResult in the Controller.
View 11 Replies
Dec 31, 2011
In my opening page of a web app I create (from a database get) two somewhat large datasets for 2 listboxes. I populate and databind them and all is good with the world
I then want to take those 2 listbox datasets and put them into a session variable for use on other pages of the web app. The reason is I do not want those additional hits in populating the two listboxes again (data does not change)
I am calling a class and passing back a DATASET for each listbox .. then
Session (DATASET_1) = MyClass.Dataset1
Session (DATASET_2) = MyOtherClass.DataSet2
DATASET_1 AND DATASET_2 are defines as constants with a type of DS
When I attempt to rebind the listboxes as
ListBox1.DataSource = Session( DATASET_1 ) *AS System.Data.DataSet ListBox.DataBind()
and the same deal for listbox 2 nothing happens........
View 5 Replies
Mar 28, 2011
I am using ASP.NET 2.0 and C#. I would like to know if the Session variables are Case-sensitive.
Is Session["StudentId"] and Session["StudentID"] considered the same.
Which would be the proper way to access the session details, when in a page someone passes data as Session["StudentId"] and somebody else passes as Session["StudentID"]?
View 6 Replies
Nov 22, 2010
Currently in an .aspx file, I am storing a value (filename that was created in that session) in an hidden text box. When the user clicks on the "Print" labeled Hyperlink control, it opens the file that was stored in the hidden text box control. But when the user goes to different screen (in the same session), I loose the filename value that is stored in the hidden text box control. So I would like to store the filename variable in a session variable. So that if the user leaves this .aspx file and comes back to this .aspx file I can load the value into the hidden text box from the session variable.
View 11 Replies
Nov 12, 2010
I have created a simply website in which users can log on and complete forms. I wish for this data to be saved for when the user next logs on, but havent got a clue how to approach this.
I'g guessing that the data somehow needs to be saved onto a database that can be accessed by all users when they log in?
View 5 Replies
Jan 15, 2011
I am building a RESTful service using WCF. I basically want to save information about a user when they authenticate to the WCF service. For example I want to save their first name, last name, account number , and password in order to access the information in other requests in the same session. Since this information is sensitive I can not store it in a cookie.
I don't want to use asp.net session state because I plan to run this WCF as a Windows Service. Is there something (class, Assembly) I can use that can save user information and retrieve it per request or do I have to create a custom solution that will create an entry in a database every time a client authenticates to the WCF service.
View 5 Replies
Feb 2, 2011
I have a stored procedure which is working fine and also code in my vb class, which when I click on save, looks as though it has executed but no information is saved into the database....
My code used to save the data into the database is below.
[Code]....
View 3 Replies
Sep 12, 2010
in sql i am storing picture information in an image field.
in vs2005crystal report i added this image field.but image is not showing.
View 1 Replies
Aug 13, 2010
I have a LoginName1, LoginView and Login Status on my Master Page. Whenever a user logs himself in, the LoginName1 displays (as for example):
Welcome omarakhtar
Now the only thing I want is how to store this omarakhtar into some variable? Kindly, let me know.
View 1 Replies
Oct 22, 2010
I wanted a formatted text to be converted into unformatted text in the UI . for that I did the following
String strInput;
String strOutput;
strInput = txtEditorAnswer.Text;
strOutput = Regex.Replace(strInput, "<[^>]*>", String.Empty).Trim();
txtEditorAnswer.Text = strOutput;
txtEditorAnswer.Text = Server.HtmlEncode(txtEditorAnswer.Text);
but as it changes the value in the Database also, so its creating a problem for future. Now I need to change the text after being inserted into the database.
View 1 Replies
Aug 25, 2010
I would like to store a collection of strings in the web.config. This collection would vary in size over time. I would like to be able to pull all of the strings in the collection into an array or collection in code. (.Net 4, asp.net)
i.e.
<customCodes>
<VendorCode vendorName="Name1" code="1234567891234567891324567987ddd" isActive="true"/>
<VendorCode vendorName="Name2" code="1sadfsadf1234567891324567987ddd" isActive="true" />
<VendorCode vendorName="Name3" code="123456789dfadfdsaf3324567987d32" isActive="true"/>
</customCodes>
I could use appsettings with the strings all in one value but I would like to seperate it out for organizational reasons. Not using the key/value pair complicates things a bit. I am now getting a message that states "you can't have duplicate elements in a section"
View 2 Replies
Dec 9, 2010
can we grab a global variable or Session or View State variable in the javascript or using jquery?
View 2 Replies
May 17, 2010
I have a web application which uses a session variable to store the logged in userid. If no user is logged in, of course this variable will be empty and the contents displayed on my website are meant for guests. If there is a user logged in, the user specific controls/access/links will then be a displayed.
I am now having issues with my hosting where on shared application pool, the worker recycle is triggered every 90 minutes, this will clear sessions causing all my users to be logged out. I opted for a dedicated application pool, which got worse because I am only allocated 50MB memory limit and if this is reached, the worker recycle is triggered and I lose my sessions again. I have tried as much as possible optimization techniques, e.g. dispose where possible, close connections, disable viewstate for static controls etc but my memory per instance keeps building up from page to page without any signs of improvement. I don't use loops nor store huge objects like bitmaps etc but my sessions are now gone even faster than 90 minutes in shared application pool before.
I have considered using SQL Session State but there isn't a simple guide on using this with MySQL. I am getting desperate and considering using a public variable, a string as a replacement to store logged in user id instead of in a session variable. I am pretty sure this will solve my issue with sessions being recycled but are there any negative consequences of doing this? One problem I can think of is if the user closes the browser, the system will never know that the user is now logged out and this public variable should be nothing. In this scenario, will the GC eventually clear this abandoned public variable.
View 10 Replies